Enable Password Authentication for OpenVPN
1. Server Configuration
1. Edit the main OpenVPN configuration file and add the following lines:
[root@ttt openvpn]# cat /etc/openvpn/server.conf | more
######### auth password ########
script-security 3   ### allow OpenVPN to run external scripts and hand them credentials through environment variables (level 3 is required for "via-env" below)
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env   ### the script that checks the username/password; "via-env" passes the client's credentials to it as the $username and $password environment variables
client-cert-not-required   ### accept username/password alone, without a client certificate. Comment this line out if you want both certificate and password authentication. (Deprecated in OpenVPN 2.4 and removed in 2.5; the replacement is "verify-client-cert none".)
username-as-common-name   ### use the username supplied by the client as the Common Name
############################
2. Put checkpsw.sh at the path given by auth-user-pass-verify in the configuration file. The script below is Mathias Sundman's checkpsw.sh; OpenVPN runs it with the client's credentials in $username and $password, and an exit status of 0 accepts the login while any other status rejects it.
[root@ttt openvpn]# cat checkpsw.sh
#!/bin/sh
###########################################################
# checkpsw.sh (C) 2004 Mathias Sundman <mathias@openvpn.se>
#
# This script will authenticate OpenVPN users against
# a plain text file. The passfile should simply contain
# one row per user with the username first followed
# by one or more space(s) or tab(s) and then the password.

PASSFILE="/etc/openvpn/psw-file"
LOG_FILE="/var/log/openvpn-password.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

###########################################################

if [ ! -r "${PASSFILE}" ]; then
  echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
  exit 1
fi

# Look up the password stored for $username; lines starting with ';' or '#' are comments.
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
  # Note: this branch and the final one write the submitted password to the log in cleartext.
  echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
  exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
  echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
  exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
3. Make the script executable:
[root@ttt openvpn]# chmod +x checkpsw.sh
4. Prepare the username/password file. Put one user per line, separate the username and password with whitespace, and make sure the user that the OpenVPN process runs as can read the file.
[root@ttt openvpn]# cat psw-file
client01 123456
client02 123456789
For security, keep the permissions on psw-file as restrictive as possible:
[root@ttt openvpn]# chmod 400 psw-file
[root@ttt openvpn]# chown nobody.nobody psw-file
5. Restart the OpenVPN server process.
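The server-side procedure above relies on a cleartext password file, logs submitted passwords on every failed attempt, splices the username into an awk program, and needs script-security 3 because via-env exports the password into the script's environment. The script below is an added example of a hardened replacement; it is not the page's checkpsw.sh nor part of OpenVPN. It runs in via-file mode (OpenVPN writes the username on line 1 and the password on line 2 of a temporary file and passes the path as the only argument, so script-security 2 suffices), keeps the same comment-tolerant one-user-per-line file format but stores salted PBKDF2-HMAC-SHA256 hashes, and logs only the username and the outcome. The file paths, the script name checkpsw.py and the entry format are assumptions.

```python
#!/usr/bin/env python3
# Hardened replacement for checkpsw.sh (added example; not from the original
# page or from OpenVPN). Assumed server.conf lines:
#   script-security 2
#   auth-user-pass-verify /etc/openvpn/checkpsw.py via-file
# Assumed credential file format, one entry per line, '#' or ';' comments:
#   username pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>
import hashlib
import hmac
import secrets
import sys
import time

PASSFILE = "/etc/openvpn/psw-file"          # assumed path
LOG_FILE = "/var/log/openvpn-password.log"  # assumed path
DEFAULT_ITERATIONS = 600_000                # PBKDF2-HMAC-SHA256 work factor


def make_entry(username, password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Build one credential line; run this when provisioning a user."""
    if not username or any(c.isspace() for c in username):
        raise ValueError("username must be non-empty and contain no whitespace")
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{username} pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def load_credentials(lines):
    """Parse credential lines into {username: entry}; skip comments and malformed lines."""
    creds = {}
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        if len(parts) == 2:
            creds[parts[0]] = parts[1]
    return creds


def verify(username, password, creds):
    """Return True only for a known user whose password matches the stored hash."""
    entry = creds.get(username)
    known = entry is not None
    if not known:
        # Unknown user: still do one PBKDF2 run so response time does not
        # reveal whether the username exists.
        entry = f"pbkdf2_sha256${DEFAULT_ITERATIONS}${'00' * 16}${'00' * 32}"
    try:
        algo, iterations, salt_hex, hash_hex = entry.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False  # malformed entry: fail closed
    return known and hmac.compare_digest(digest.hex(), hash_hex)


def read_via_file(path):
    """Read the two-line username/password file OpenVPN hands to the script."""
    with open(path, encoding="utf-8") as f:
        lines = f.read().splitlines()
    if len(lines) < 2:
        raise ValueError("via-file input must contain a username and a password line")
    return lines[0], lines[1]


def log(message):
    stamp = time.strftime("%Y-%m-%d %H:%M:%S")
    with open(LOG_FILE, "a", encoding="utf-8") as f:
        f.write(f"{stamp}: {message}\n")


def main(argv):
    if len(argv) != 2:
        return 1
    username, password = read_via_file(argv[1])
    try:
        with open(PASSFILE, encoding="utf-8") as f:
            creds = load_credentials(f)
    except OSError:
        log(f"could not open password file {PASSFILE!r}")
        return 1
    ok = verify(username, password, creds)
    # Log the username and outcome only; the submitted password is never written.
    log(f"{'Successful' if ok else 'Failed'} authentication: username={username!r}")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

To provision users, call make_entry() from a small script or an interactive session and append the returned line to psw-file, keeping the chmod 400 / chown from step 4; then point auth-user-pass-verify at checkpsw.py with via-file instead of via-env and lower script-security to 2.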
2. Client configuration: add the following line to the client configuration file so the client prompts for a username and password:
auth-user-pass
3. Enable password authentication in the Windows client